Hopefully I've answered this in other chains, but there are Publishers that know which 3rd parties they work with and are actually motivated to ONLY secure an exception for those 3rd parties and not random 3rd parties that may sneak their way onto a publisher's properties (via beacon piggybacking, for example).
- Shane
-----Original Message-----
From: Nicholas Doty [mailto:npdoty@w3.org]
Sent: Tuesday, March 06, 2012 7:22 PM
To: Andy Zeigler
Cc: Kevin Smith; Tom Lowenthal; public-tracking@w3.org
Subject: Re: JS Exception API
On Mar 6, 2012, at 3:32 PM, Andy Zeigler wrote:
> If it isn't feasible for 1st-parties to know which 3rd-parties will render on their site, then websites will just use "*".
A 1st-party may not know which 3rd-parties will render on their site but still know which 3rd-parties on its site it needs a tracking exception for in order to make a monetization decision. For example, a lot of sites install social widgets and (I expect) don't require that those social widgets track the user in order to monetize their content. They could request a list of their analytics and advertising trackers they need for monetization purposes and a user could continue sending DNT:1 to the social networking widgets on the page.
> If sites only use "*", then I agree with you that it makes sense to scrap the per-3rd-party affordance altogether, as it has the side effect of massively simplifying implementations, *and* it solves the "DNT value accessibility from Javascript" issue. In other words, there would only be one possible DNT value per DOM, which means that any 3rd-party script will get the correct value.
I agree that we can use implementation experience to help guide us here. If no site ever uses anything but "*", then there would evidently be no use for that parameter. I'm not sure that's the case given what we've heard from publishers, but I'm very interested to hear more input there.
Thanks,
Nick